From the course: Oracle Cloud Infrastructure Foundations

VCN introduction

(ethereal music) - Welcome to this module on OCI networking. Let's start with an introduction. So what is a virtual cloud network? At its core, it's a private, software-defined network you create in Oracle Cloud. It's used for secure communication: whether it's instances talking to each other, instances talking to on-premises environments, or instances talking to other instances in different regions, you would use a virtual cloud network. It lives in an OCI region. Like we said, it's a regional service. It's highly available, massively scalable and secure, and we take care of these things for you.

So before we dive deep into the VCN and all the characteristics and all the features it has, let's look at some of the basic stuff. So the first thing is the VCN has an address space. In this case, you see this address space is denoted in CIDR notation. CIDR stands for classless inter-domain routing. This is a foundations course, so we are not getting into the details of how you create these CIDR notations, but you can read up more on the web, or you could pull up a subnet calculator and get all the details. So you can see here the VCN has an IP addressing range. And what that means is you have an address range. You take that range, and you can break it down into smaller networks, which are called subnetworks. And these subnetworks are where you would instantiate your compute instances. So in this example, as you can see, the 10.0.0.0/16 network is broken down into 256 smaller networks, a couple of which are shown on the screen: the public subnet 10.0.1.0/24 and the private subnet. And as I said, your instances get spun up in these subnets. So if you spin up a web instance, it gets an IP address as shown. If you spin up a DB instance, it gets a private IP address as shown. And this IP address is used for all communication going forward. So talking about communication, what different mechanisms exist inside a VCN?
So first, there is a notion of an internet gateway. This is a gateway which is massively scalable, highly available, and is used for communication to anything on the internet. So if you have a web server which wants to talk to other websites on the web, or needs to be accessible publicly, you would use an internet gateway. So going to the internet and coming back from the internet.

You also have this highly available, massively scalable router called the NAT gateway, and it is used for providing NAT as a service. So what this means is the traffic is unidirectional. It can go from your private subnets to the internet, but users from the internet cannot use the NAT gateway to reach your instances running in a private subnet. So the idea with the NAT gateway is to enable outbound communication to the internet, but block inbound communications or connections initiated from the internet.

Then we have another router, which is called the service gateway. And the idea is it lets resources in the VCN access public OCI services such as Object Storage, but without using an internet or NAT gateway. So these are the three scenarios: internet gateway for the internet, NAT gateway also for the internet but unidirectional, and service gateway for accessing OCI public services, which are available on the internet, but accessing them in a secure manner.

And then the other construct is called the Dynamic Routing Gateway. This is a virtual router that provides a path for private traffic between your VCN and destinations other than the internet. So what can these destinations be? Well, this can be your on-premises environments.

Just to recap: the VCN is your software-defined network, highly scalable, secure, highly available, and you have various mechanisms, various routers, to enable the communication, whether it's going to the internet or it's going to your on-premises environment. Thanks for watching.
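The subnet calculation and the gateway behaviour described in the video, as an added Python example that is not part of the course or of Oracle's own tooling. It splits the 10.0.0.0/16 VCN from the slide into its 256 /24 subnetworks, then models a route table per subnet with longest-prefix lookup and checks which connection directions each gateway type carries (the NAT and service gateways only carry connections the instance initiates). The on-premises range 192.168.0.0/16 and the 203.0.113.0/24 range standing in for OCI service endpoints are constructed placeholders; in real OCI the service gateway rule uses a service CIDR label, not an IP prefix.

```python
import ipaddress

# VCN address space from the slide, split into /24 subnetworks.
VCN_CIDR = ipaddress.ip_network("10.0.0.0/16")

# Constructed placeholders (not real OCI values): a range standing in for the
# on-premises network reached through the DRG, and an RFC 5737 documentation
# range standing in for the Object Storage endpoints reached through the
# service gateway. Real OCI uses a service CIDR label for that rule; a plain
# prefix keeps the lookup uniform here.
ONPREM_CIDR = "192.168.0.0/16"
OCI_SERVICES_CIDR = "203.0.113.0/24"

# One route table per subnet, as (destination CIDR, target gateway) rules.
ROUTE_TABLES = {
    "public": [
        ("0.0.0.0/0", "internet_gateway"),
        (ONPREM_CIDR, "drg"),
    ],
    "private": [
        ("0.0.0.0/0", "nat_gateway"),
        (OCI_SERVICES_CIDR, "service_gateway"),
        (ONPREM_CIDR, "drg"),
    ],
}

# Connection directions each gateway forwards, as described in the video:
# NAT and service gateways only carry connections the instance initiates;
# the internet gateway and the DRG carry both directions.
GATEWAY_DIRECTIONS = {
    "internet_gateway": {"outbound", "inbound"},
    "nat_gateway": {"outbound"},
    "service_gateway": {"outbound"},
    "drg": {"outbound", "inbound"},
}


def split_vcn(vcn=VCN_CIDR, new_prefix=24):
    """Break the VCN CIDR into subnetworks of the given prefix length."""
    return list(vcn.subnets(new_prefix=new_prefix))


def subnet_count(vcn=VCN_CIDR, new_prefix=24):
    """Number of subnetworks a VCN yields at new_prefix (2 ** extra bits)."""
    return 2 ** (new_prefix - vcn.prefixlen)


def route_lookup(table_name, dst):
    """Return the gateway that carries traffic from this subnet to dst.

    Destinations inside the VCN stay local and never hit a gateway;
    otherwise the most specific matching rule wins (longest prefix).
    """
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in VCN_CIDR:
        return "local"
    best = None
    for cidr, target in ROUTE_TABLES[table_name]:
        net = ipaddress.ip_network(cidr)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None


def connection_allowed(table_name, dst, direction):
    """Can a connection in this direction flow between the subnet and dst?

    direction is "outbound" (the instance initiates) or "inbound" (a peer at
    dst initiates). A private subnet behind the NAT gateway gets outbound
    only, so a host on the internet cannot reach its instances.
    """
    gateway = route_lookup(table_name, dst)
    if gateway is None:
        return False
    if gateway == "local":
        return True
    return direction in GATEWAY_DIRECTIONS[gateway]


if __name__ == "__main__":
    subnets = split_vcn()
    print(f"{VCN_CIDR} splits into {subnet_count()} /24s, e.g. {subnets[0]} and {subnets[1]}")
    for table in ("public", "private"):
        for dst in ("10.0.2.7", "8.8.8.8", "203.0.113.10", "192.168.5.5"):
            verdict = "inbound ok" if connection_allowed(table, dst, "inbound") else "inbound blocked"
            print(f"{table:8} -> {dst:14} via {route_lookup(table, dst):16} {verdict}")
```

The lookup deliberately checks the VCN's own range before consulting any rule, because traffic between subnets of the same VCN does not pass through a gateway; everything else falls through to the most specific matching rule, which is why the private subnet's default route to the NAT gateway never captures traffic destined for the service or on-premises ranges.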
